Privacy Policy

Last updated: 24-May-2025

1. Introduction

OfCashy.com ("OfCashy," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application and related services (the "Service").

We follow industry best practices for financial data privacy. By using OfCashy, you consent to the data practices described in this policy.

You own your financial data. We never sell your personal or financial information to third parties.

2. Information We Collect

2.1 Information You Provide Directly

Category	Specific Data Points
Account Information	Name, email address, password (hashed, not stored in plain text)
Billing Information	Payment method details (processed by third-party; we store only last 4 digits and expiry)
Financial Data	Income amounts, expense transactions, wallet balances, category names, currency preferences, budget targets
Profile Preferences	Dashboard layout, notification settings, theme preferences
Communications	Support tickets, feedback, survey responses, email correspondence

2.2 Information Collected Automatically

When you use the Service, we automatically collect:

Data Type	Examples	Purpose
Usage Data	Pages visited, features used, time spent, click patterns	Improve user experience and fix bugs
Device Information	Browser type, OS version, screen resolution, device model	Ensure compatibility and performance
Log Data	IP address, timestamps, referral URLs, error logs	Security monitoring and troubleshooting
Cookies & Similar Tech	Session tokens, preference cookies, analytics identifiers	Keep you logged in and remember settings

2.3 Information from Third Parties

We receive transaction data, account balances, and account holder names

We do not store your bank login credentials

Third-party services have their own privacy policies; review them separately

3. How We Use Your Information

Purpose	Legal Basis (GDPR)	Data Used
Provide the Service	Contract performance	Account info, Financial Data
Process payments	Contract performance	Billing information
Improve & optimize	Legitimate interest	Usage data, device info
Security & fraud prevention	Legal obligation + legitimate interest	IP addresses, log data
Customer support	Contract performance	Communications, account data
Send service updates	Legitimate interest	Email address
Comply with legal requests	Legal obligation	Any relevant data

We do NOT:

- Sell your personal or financial data to advertisers or data brokers
- Use your financial data for targeted advertising
- Share your data with third parties for their own marketing

4. Data Sharing and Disclosure

4.1 When We Share Data

We share your information only in these limited circumstances:

Recipient Category	Data Shared	Purpose
Service Providers	Payment info, email address, usage data	Payment processing, email delivery, hosting, analytics
Legal Authorities	Any relevant data	To comply with subpoenas, court orders, or legal obligations
Business Transfers	All user data	Merger, acquisition, or asset sale (with notice)
With Your Consent	As specified	When you explicitly agree to share

4.2 Current Service Providers

Provider	Purpose	Data Shared
Stripe / PayPal / Paddle	Payment processing	Billing info, email
AWS / Google Cloud	Cloud hosting	All encrypted data
SendGrid / Resend	Transactional emails	Email address
Sentry / LogRocket	Error tracking	Usage data, anonymized errors
Plaid	Bank connections	Transaction data

4.3 Anonymous & Aggregated Data

We may create anonymized, aggregated data that cannot identify you (e.g., "average monthly spending of Paid users"). This data is owned by OfCashy and may be used for marketing, benchmarking, or product improvement without restriction.

5. Data Security

We implement industry-standard security measures:

Security Layer	Implementation
Encryption at Rest	AES-256 for all stored financial data
Encryption in Transit	TLS 1.3 for all web traffic
Password Storage	Hashing with unique salts
Database Access	Least-privilege principles + IP whitelisting
Authentication	2FA
Backups	Encrypted daily backups with 30-day retention
Audit Logs	All access to financial data is logged

User Responsibility: You are responsible for keeping your password secure. Enable 2FA. We cannot decrypt data lost due to compromised credentials.

In Case of Breach: If a data breach exposes your personal information, we will notify you within 72 hours of discovery (as required by GDPR) and provide remediation steps.

6. Data Retention

Data Type	Retention Period
Active Account Data	For as long as your account is active
Deleted Account Data	Permanently deleted within 30 days of deletion request
Anonymized Analytics	Indefinitely (cannot identify you)
Payment Records	7 years (for tax and legal compliance)
Support Tickets	2 years after resolution
Email Logs	12 months

Your Financial Data is YOURS. Upon account deletion, we permanently erase all personal financial data. We do not hold it hostage.

7. Your Rights and Choices

7.1 Rights Under GDPR (For EU Users)

If you are in the European Economic Area (EEA), you have the following rights:

Right	Description	How to Exercise
Right to Access	Get a copy of all data we hold about you	Request via support@ofcashy.com
Right to Rectification	Correct inaccurate or incomplete data	Edit in Account Settings or email us
Right to Erasure ("Right to be Forgotten")	Delete your data and account	Request via support@ofcashy.com
Right to Restrict Processing	Limit how we use your data	Email support@ofcashy.com
Right to Data Portability	Receive your data in a machine-readable format (CSV, JSON)	Request via support@ofcashy.com
Right to Object	Stop processing based on legitimate interests	Email support@ofcashy.com
Right to Withdraw Consent	Opt out of optional data collection	Adjust cookie/preference settings

We respond to all requests within 30 days (faster where possible).

7.2 Rights Under CCPA (For California Users)

If you are a California resident, you have:

Right	Description
Right to Know	What personal data we collect and share
Right to Delete	Request deletion of your personal information
Right to Opt-Out	Of "sales" of personal data (we do not sell data)
Right to Non-Discrimination	Equal service regardless of privacy choices

To exercise CCPA rights, contact us at support@ofcashy.com with "CCPA Request" in the subject line.

7.3 General Controls (All Users)

Action	Where to Do It
Update account info	Account Settings → Profile
Export your data	Request via support@ofcashy.com
Delete your account	Request via support@ofcashy.com
Manage cookies	Browser settings or our Cookie Preferences popup
Unsubscribe from emails	Click "Unsubscribe" in any marketing email

8. Cookies and Tracking Technologies

8.1 Cookies We Use

Cookie Type	Purpose	Duration
Essential	Authentication, security, core functionality	Session / 24 hours
Preference	Remember your settings	1 year
Analytics	Understand usage patterns	14 months (opt-out available)
Optional	Support chat functionality	Opt-in required

8.2 Your Cookie Choices

Browser Settings: Block third-party cookies or all cookies (may break functionality)

Cookie Banner: Adjust preferences on first visit or via the "Cookie Settings" link in footer

9. International Data Transfers

OfCashy is headquartered in United Kingdom. Your data may be transferred to and processed in:

United States (cloud hosting providers)

European Union (some subprocessors)

Other jurisdictions where subprocessors operate

Safeguards: For transfers from the EEA, we rely on:

Standard Contractual Clauses (SCCs) approved by the European Commission

GDPR-compliant Data Processing Agreements with all subprocessors

By using OfCashy, you consent to these transfers.

10. Children's Privacy

OfCashy is not intended for children under 18 (or 16 in certain jurisdictions). We do not knowingly collect information from children.

If you are a parent and believe your child has created an account, contact us immediately

We will delete the account and all associated data within 48 hours of verification.

11. Third-Party Links

The Service may contain links to external websites (blogs, partners, payment gateways). We are not responsible for the privacy practices of those sites. Read their privacy policies separately.

12. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements.

Type of Change	Notice Period
Minor updates (typos, clarifications)	No notice required; changes effective immediately
Material changes (new data uses, sharing practices)	30 days' notice via email + in-app notification

The "Last Updated" date at the top of this policy indicates when changes were made. Continued use of the Service after material changes constitutes acceptance.

13. Data Protection Officer (DPO)

For GDPR compliance and privacy matters, you may contact our Data Protection Officer:

Method	Contact
Email (DPO)	support@ofcashy.com
Email (Privacy Team)	support@ofcashy.com

14. Supervisory Authority (EU Users)

If you believe our processing of your personal data violates GDPR, you have the right to lodge a complaint with your local supervisory authority (e.g., ICO in the UK, CNIL in France). However, we encourage you to contact us first so we can resolve the issue directly.

15. Contact Information

For any privacy-related questions, requests, or concerns:

Purpose	Contact
General privacy questions	support@ofcashy.com
Data deletion requests	support@ofcashy.com
Security vulnerabilities	support@ofcashy.com
Legal requests	support@ofcashy.com

Response Time: We acknowledge all privacy inquiries within 72 hours and resolve most requests within 30 days.

OfCashy.com - Your data stays yours. Always.

For any privacy concerns, email support@ofcashy.com. We take your trust seriously.

Start Managing Money Smarter